aboutsummaryrefslogtreecommitdiffstats
path: root/docs/xacml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/xacml')
-rw-r--r--docs/xacml/xacml.rst8
1 files changed, 4 insertions, 4 deletions
diff --git a/docs/xacml/xacml.rst b/docs/xacml/xacml.rst
index ff8c0b74..05e5bd5d 100644
--- a/docs/xacml/xacml.rst
+++ b/docs/xacml/xacml.rst
@@ -8,7 +8,7 @@ Policy XACML PDP Engine
.. toctree::
:maxdepth: 2
-The ONAP XACML Policy PDP Engine uses an `open source implementation <https://github.com/att/xacml-3.0>`__ of the `OASIS XACML 3.0 Standard <https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml>`__ to support fine-grained policy decisions in the ONAP. The XACML 3.0 Standard is a language for both policies and requests/responses for access control decisions. The ONAP XACML PDP translates TOSCA Compliant Policies into the XACML policy language, loads the policies into the XACML engine and exposes a Decision API which uses the XACML request/response language to render decisions for ONAP components.
+The ONAP XACML Policy PDP Engine uses an `open source implementation <https://github.com/att/xacml-3.0>`__ of the `OASIS XACML 3.0 Standard <http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html>`__ to support fine-grained policy decisions in the ONAP. The XACML 3.0 Standard is a language for both policies and requests/responses for access control decisions. The ONAP XACML PDP translates TOSCA Compliant Policies into the XACML policy language, loads the policies into the XACML engine and exposes a Decision API which uses the XACML request/response language to render decisions for ONAP components.
ONAP XACML PDP Supported Policy Types
*************************************
@@ -246,7 +246,7 @@ This is an example Decision API payload made to retrieve a decision for an Optim
Native XACML Policy Type
========================
-This Policy type is used by any client or ONAP component who has the need of native XACML evaluation. A native XACML policy or policy set encoded in XML can be created off this policy type and loaded into the XACML PDP engine by invoking the PAP policy deployment API. Native XACML requests encoded in either JSON or XML can be sent to the XACML PDP engine for evaluation by invoking the native decision API. Native XACML responses will be returned upon evaluating the requests against the matching XACML policies. Those native XACML policies, policy sets, requests and responses all follow the `OASIS XACML 3.0 Standard <https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml>`__.
+This Policy type is used by any client or ONAP component who has the need of native XACML evaluation. A native XACML policy or policy set encoded in XML can be created off this policy type and loaded into the XACML PDP engine by invoking the PAP policy deployment API. Native XACML requests encoded in either JSON or XML can be sent to the XACML PDP engine for evaluation by invoking the native decision API. Native XACML responses will be returned upon evaluating the requests against the matching XACML policies. Those native XACML policies, policy sets, requests and responses all follow the `OASIS XACML 3.0 Standard <http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html>`__.
.. csv-table::
:header: "Policy Type", "Action", "Description"
@@ -290,9 +290,9 @@ Overriding or Extending the ONAP XACML PDP Supported Policy Types
It is possible to extend or replace one or more of the existing ONAP application implementations with your own. Since the XACML application loader uses the java.util.Service class to search the classpath to find and load applications, it may be necessary via the configuration file to exclude the ONAP packaged applications in order for your custom application to be loaded. This can be done via the configuration file by adding an **exclusions** property with a list of the Java class names you wish to exclude.
-`A configuration file example is located here <https://github.com/onap/policy-xacml-pdp/blob/7711185bb36b387e3596653ca170262f919ff474/main/src/test/resources/parameters/XacmlPdpConfigParameters_Exclusions.json#L19>`_
+`A configuration file example is located here at Line 19 <https://github.com/onap/policy-xacml-pdp/blob/7711185bb36b387e3596653ca170262f919ff474/main/src/test/resources/parameters/XacmlPdpConfigParameters_Exclusions.json>`_
-A coding example is available in the JUnit test for the Application Manager called `testXacmlPdpApplicationManagerSimple <https://github.com/onap/policy-xacml-pdp/blob/7711185bb36b387e3596653ca170262f919ff474/main/src/test/java/org/onap/policy/pdpx/main/rest/XacmlPdpApplicationManagerTest.java#L143>`_. This example demonstrates how to exclude the Match and Guard applications while verifying a custom `TestGuardOverrideApplication <https://github.com/onap/policy-xacml-pdp/blob/master/main/src/test/java/org/onap/policy/pdpx/main/rest/TestGuardOverrideApplication.java>`_ class is loaded and associated with the **guard** action. Thus, replacing and extending the guard application.
+A coding example is available in the JUnit test for the Application Manager called `testXacmlPdpApplicationManagerSimple at Line 143 <https://github.com/onap/policy-xacml-pdp/blob/7711185bb36b387e3596653ca170262f919ff474/main/src/test/java/org/onap/policy/pdpx/main/rest/XacmlPdpApplicationManagerTest.java>`_. This example demonstrates how to exclude the Match and Guard applications while verifying a custom `TestGuardOverrideApplication <https://github.com/onap/policy-xacml-pdp/blob/master/main/src/test/java/org/onap/policy/pdpx/main/rest/TestGuardOverrideApplication.java>`_ class is loaded and associated with the **guard** action. Thus, replacing and extending the guard application.
Note that this XACML PDP feature is exclusive to the XACML PDP and is secondary to the ability of the PAP to group PDP's and declare which Policy Types are supported by a PDP group. For example, even if a PDP group excludes a Policy Type for a XACML PDP, this simply prevents policies being deployed to that group using the PAP Deployment API. If there is no **exclusions** in the configuration file, then any application will be loaded that it is in the classpath. If needed, one could use both PDP group Policy Type supported feature **and** the exclusions configuration to completely restrict which Policy Types as well as which applications are loaded at runtime.